Configure audit policies for DCs on Server 2008 R2 or higher

<< Inhaltsverzeichnis anzeigen >>

Navigation:  Start > Install & Config > Configure scans and logga > Configure Active Directory (AD) Logga > Enable monitoring for the AD Logga > Configure audit policies for domain controllers (DCs) >

Configure audit policies for DCs on Server 2008 R2 or higher

You can use the group policy editor to manage audit policy on server 2008 R2 or higher. This means you only need to implement the policy once rather than having to repeat it for every DC.

Please note that the activation of audit policy may be delayed on the domain controllers (DCs) depending on your replication interval.

 

Once you have completed these settings:

 

complete a manual policy update with the command "gpupdate /force"

Verifying the execution of audit policies

 

 

8.0 EN configuring audit policies 2008 R2 or higher 01

 

Start managing group policies, by opening:

gpmc.msc




8.0 EN configuring audit policies 2008 R2 or higher 02

 

Create a new group policy.

Select the OU in which the DC computer accounts are located. By default they are located in the OU "Domain Controllers".

 

Please ensure that the newly created policy is applied/winning to the appropriate DCs (hierarchy and order).

 

Warning

The order in which you set the options affects the effectiveness of the policy. Follow the order given here!

 




8.0 EN configuring audit policies 2008 R2 or higher 03

 

Select the newly created group policy by right clicking and selecting "edit".




8.0 EN configuring audit policies 2008 R2 or higher 07

 

1.Navigate to "security options".

2.Select the policy "Audit: Force audit policy...".

3.You can activate the security policy by right-clicking and selecting "Properties", as shown in the diagram.

 

Warning

The order in which you set the options affects the effectiveness of the policy. Follow the order given here!

 




8.0 EN configuring audit policies 2008 R2 or higher 04

 

1.Navigate to account management.

2.Use multi-select and select all subcategories.

3.Activate the audit by right-clicking and selecting "Properties", as shown in the diagram.




8.0 EN configuring audit policies 2008 R2 or higher 05

 

1.Navigate to "DS Access".

2.Select the subcategory "Audit Directory Service Changes".

3.You can activate the audit by right-clicking and selecting "Properties", as shown in the diagram.




8.0 EN configuring audit policies 2008 R2 or higher 06

 

1.Navigate to "Change policy".

2.Select the subcategory "Audit Audit Policy Chang".

3.You can activate the audit by right-clicking and selecting "Properties", as shown in the diagram.

 

Once you have completed these settings:

 

complete a manual policy update with the command "gpupdate /force"

Verifying the execution of audit policies